Hello, On Mon, Apr 20, 2020 at 09:12:54AM -0700, Shakeel Butt wrote: > I got the high level vision but I am very skeptical that in terms of > memory and performance isolation this can provide anything better than > best effort QoS which might be good enough for desktop users. However, I don't see that big a gap between desktop and server use cases. There sure are some tolerance differences but for majority of use cases that is a permeable boundary. I believe I can see where you're coming from and think that it'd be difficult to convince you out of the skepticism without concretely demonstrating the contrary, which we're actively working on. A directional point I wanna emphasize tho is that siloing these solutions into special "professional" only use is an easy pitfall which often obscures bigger possibilities and leads to developmental dead-ends and obsolescence. I believe it's a tendency which should be actively resisted and fought against. Servers really aren't all that special. > for a server environment where multiple latency sensitive interactive > jobs are co-hosted with multiple batch jobs and the machine's memory > may be over-committed, this is a recipe for disaster. The only > scenario where I think it might work is if there is only one job > running on the machine. Obviously, you can't overcommit on any resources for critical latency sensitive workloads whether one or multiple, but there also are other types of workloads which can be flexible with resource availability. > I do agree that finding the right upper limit is a challenge. For us, > we have two types of users, first, who knows exactly how much > resources they want and second ask us to set the limits appropriately. > We have a ML/history based central system to dynamically set and > adjust limits for jobs of such users. > > Coming back to this path series, to me, it seems like the patch series > is contrary to the vision you are presenting. Though the users are not > setting memory.[high|max] but they are setting swap.max and this > series is asking to set one more tunable i.e. swap.high. The approach > more consistent with the presented vision is to throttle or slow down > the allocators when the system swap is near full and there is no need > to set swap.max or swap.high. It's a piece of the puzzle to make memory protection work comprehensively. You can argue that the fact swap isn't protection based is against the direction but I find that argument rather facetious as swap is quite different resource from memory and it's not like I'm saying limits shouldn't be used at all. There sure still are missing pieces - ie. slowing down on global depletion, but that doesn't mean swap.high isn't useful. Thanks. -- tejun
